diff --git a/arlas-core/src/main/java/io/arlas/server/core/FluidSearch.java b/arlas-core/src/main/java/io/arlas/server/core/FluidSearch.java
index 310c4d672..718ac8679 100644
--- a/arlas-core/src/main/java/io/arlas/server/core/FluidSearch.java
+++ b/arlas-core/src/main/java/io/arlas/server/core/FluidSearch.java
@@ -52,12 +52,15 @@
 import org.elasticsearch.search.aggregations.support.ValuesSourceAggregationBuilder;
 import org.elasticsearch.search.sort.SortBuilders;
 import org.elasticsearch.search.sort.SortOrder;
+import org.locationtech.jts.operation.valid.IsValidOp;
+import org.locationtech.jts.operation.valid.TopologyValidationError;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.io.IOException;
 import java.util.*;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;

 public class FluidSearch {

@@ -67,6 +70,7 @@ public class FluidSearch {
 public static final String INVALID_OPERATOR = "Operand does not equal one of the following values : 'eq', gte', 'gt', 'lte', 'lt', 'like' or 'ne'. ";
 public static final String INVALID_Q_FILTER = "Invalid parameter. Please specify the text to search directly or '{fieldname}:{text to search}'. ";
 public static final String INVALID_WKT = "Invalid WKT geometry.";
+ public static final String INVALID_WKT_RANGE = "Invalid WKT geometry.Coordinate out of range";
 public static final String INVALID_BBOX = "Invalid BBOX";
 public static final String INVALID_SIZE = "Invalid size parameter.";
 public static final String INVALID_FROM = "Invalid from parameter.";
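Review bot: The new `INVALID_WKT_RANGE` message in the second hunk runs two sentences together: `"Invalid WKT geometry.Coordinate out of range"` has no space after the first period and no closing period, unlike `INVALID_SIZE` and `INVALID_FROM` beside it. This text is presumably what a client sees when a geometry is rejected, so I would write `public static final String INVALID_WKT_RANGE = "Invalid WKT geometry. Coordinate out of range.";`. A one-line comment above the constant naming the accepted longitude/latitude range would also save callers from guessing which coordinate was refused.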
@@ -792,10 +796,22 @@ else if (order.equals(Order.desc))
 }

 private Geometry readWKT(String geometry) throws ArlasException {
- WKTReader wkt = new WKTReader();
+ GeometryFactory geometryFactory = new GeometryFactory(new PrecisionModel(), 4326);
+ Envelope affectedBounds = new Envelope(-360, 360, -180, 180);
+ WKTReader wkt = new WKTReader(geometryFactory);
 Geometry polygon = null;
 try {
 polygon = wkt.read(geometry);
+ List filteredCoord = Arrays.stream(polygon.getCoordinates()).filter(coordinate -> affectedBounds.contains(coordinate)).collect(Collectors.toList());
+ if(filteredCoord.size() != polygon.getCoordinates().length){
+ throw new InvalidParameterException(INVALID_WKT_RANGE);
+ }
+ IsValidOp vaildOp = new IsValidOp(polygon);
+ TopologyValidationError err = vaildOp.getValidationError();
+ if (err != null)
+ {
+ throw new InvalidParameterException(INVALID_WKT);
+ }
 } catch (ParseException ex) {
 throw new InvalidParameterException(INVALID_WKT);
 }
diff --git a/arlas-tests/src/test/java/io/arlas/server/rest/explore/AbstractFilteredTest.java b/arlas-tests/src/test/java/io/arlas/server/rest/explore/AbstractFilteredTest.java
index cfe17ffed..9cbd357fd 100644
--- a/arlas-tests/src/test/java/io/arlas/server/rest/explore/AbstractFilteredTest.java
+++ b/arlas-tests/src/test/java/io/arlas/server/rest/explore/AbstractFilteredTest.java
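Review bot: The range check in `readWKT` still accepts latitudes up to ±180, because `new Envelope(-360, 360, -180, 180)` is read as (x1, x2, y1, y2) and WGS84 latitude stops at ±90; a request-supplied geometry with y=120 passes this filter and continues down the query path. Unless the wider bound is deliberate, use `new Envelope(-360, 360, -90, 90)` and add a comment saying why longitudes out to ±360 are tolerated. The check can also drop the intermediate list and the second `getCoordinates()` call: `if (!Arrays.stream(polygon.getCoordinates()).allMatch(affectedBounds::contains)) { throw new InvalidParameterException(INVALID_WKT_RANGE); }`. Smaller points: `vaildOp` is a typo for `validOp`, and neither new check can throw `ParseException`, so both would read better after the try block. The rest of readWKT lies outside the hunk.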
@@ -666,6 +666,12 @@ public void testInvalidFilterParameters() throws Exception {
 handleInvalidParameters(header(request.filter));
 request.filter.gwithin = null;

+ request.filter.gintersect = Arrays.asList(new MultiValueFilter<>("POLYGON((1000 10000,10 -10,0 -10,1000 10000))"));
+ handleInvalidParameters(post(request));
+ handleInvalidParameters(get("gintersect", request.filter.gintersect.get(0).get(0)));
+ handleInvalidParameters(header(request.filter));
+ request.filter.gintersect = null;
+
 request.filter.notgwithin = Arrays.asList(new MultiValueFilter<>("POLYGON((10 10,10 -10,0 -10))"));
 handleInvalidParameters(post(request));
 handleInvalidParameters(get("notgwithin", request.filter.notgwithin.get(0).get(0)));
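Review bot: The added `gintersect` case covers only the coordinate-range rejection, and only with values far outside both bounds (`1000 10000`); nothing here exercises the new `IsValidOp` topology check or the edges of the accepted envelope. I would add a self-intersecting but in-range ring, for example the constructed sample `POLYGON((0 0,10 10,10 0,0 10,0 0))`, and a closed polygon whose only fault is a latitude just past the limit, each sent through `post`, `get` and `header` like the block above. If `gwithin` and `notgwithin` are parsed by the same `readWKT` (not visible from this hunk), one out-of-range case for each would keep that wiring covered too. testInvalidFilterParameters starts and ends outside the hunk.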